Investigators’ Responsibilities In Contract Lab Services
The FDA recently issued a warning letter to a Florida university’s principal investigator regarding a contract testing lab’s improper handling of data. The letter outlines significant deviations from current good manufacturing practice (cGMP) for active pharmaceutical ingredients (API), including claims that a student analyst falsified data.
Section 501(a)(2)(B) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) outlines cGMP for active pharmaceutical ingredients. Although the university responded previously that the violations were the result of actions of one individual, the FDA countered with additional concerns regarding the safety and quality of the lab.
Investigators and lab managers should take this warning letter as a reminder to conduct their own internal audit to ensure that activities are within the federal guidelines and regulations.
Data Security is Paramount
Investigators must adequately ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of the drugs that are analyzed. Data integrity refers to the completeness, consistency, and accuracy of data.
This includes ensuring appropriate access controls and data security.
- Investigators should ensure that everyone with access to databases and systems should have an individual, secure login. Only authorized persons should have access to databases and software. When login credentials are shared, a unique individual cannot be identified through the login and the system would not conform to the cGMP requirements. The FDA requires that system controls, including documentation controls, be designed in accordance with cGMP to assure product quality.
- Raw data should be backed up, and an audit trail should be implemented. An audit trail means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record.
- Software used to store raw data should be validated. Even if you validate the computer system but you do not validate it for its intended use, you cannot know if your workflow runs correctly.
- Clear policies, procedures, and protocols for analyses should be outlined.
In assessing your own lab’s data security and integrity, it may be useful to ask these questions:
- Are controls in place to ensure that data is complete?
- Are activities documented at the time of performance?
- Are activities attributable to a specific individual?
- Can only authorized individuals make changes to records?
- Is there a record of changes to data?
- Are records reviewed for accuracy, completeness, and compliance with established standards?
- Are data maintained securely from data creation through disposition after the record’s retention period?
Establish a Quality System
Without an adequate Quality Unit (QU) and quality system in place, there is inadequate assurance that controls are implemented to ensure that cGMP testing operations are performing in a state of control. Develop and document detailed policies and procedures, as well as establish the roles that will focus on quality and define their responsibilities.
Ensure Appropriate Staff Training
Training should be regularly conducted and cover, at a minimum, the particular operations that each employee performs and cGMP as they relate to the employee’s functions. This includes any students or interns who may be working in the lab. (Note: CITI Program, a part of BRANY, offers an online GMP course that provides an introduction to GMP for pharmaceuticals and the current U.S. FDA regulations.) The training should be documented.
Failing to comply with these regulations can have significant impact on lab operations. As a result of the FDA’s determinations, the university ceased testing operations for this lab.
Auditing your own internal processes and procedures can go a long way to preventing such a negative impact on operations, not to mention improving the quality and security of data.